[Bug 35030] Steam Client Service crashes after post-installation step (AdjustTokenPrivileges called with non-NULL PreviousState and NULL ReturnLength out params)

wine-bugs at winehq.org
Sun Dec 1 13:29:09 CST 2013


http://bugs.winehq.org/show_bug.cgi?id=35030

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                URL|                            |http://media.steampowered.c
                   |                            |om/client/installer/SteamSe
                   |                            |tup.exe
           Keywords|                            |download
          Component|-unknown                    |ntdll
                 CC|                            |focht at gmx.net
     Ever Confirmed|0                           |1
            Summary|Steam install program crash |Steam Client Service
                   |at the end of the install   |crashes after
                   |                            |post-installation step
                   |                            |(AdjustTokenPrivileges
                   |                            |called with non-NULL
                   |                            |PreviousState and NULL
                   |                            |ReturnLength out params)

--- Comment #1 from Anastasius Focht <focht at gmx.net> 2013-12-01 13:29:09 CST ---
Hello folks,

confirming.

It's not the installer crashing but the post-install part, the startup of Steam
client service.

--- snip ---
...
002f:Starting process L"C:\\Program Files\\Steam\\bin\\SteamService.exe" (entryproc=0x43d6fa)
...
002f:Call advapi32.RegCreateKeyExA(80000002,0045f478 "SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\Steam Client Service",00000000,00000000,00000000,00020006,00000000,0033fca0,00000000) ret=00407fe3
002f:Ret  advapi32.RegCreateKeyExA() retval=00000000 ret=00407fe3
002f:Call KERNEL32.GetModuleFileNameA(00000000,0033fa9c,00000200) ret=00408022
002f:Ret  KERNEL32.GetModuleFileNameA() retval=0000002b ret=00408022
002f:Call KERNEL32.lstrlenA(0033fa9c "C:\\Program Files\\Steam\\bin\\SteamService.exe") ret=0040802f
002f:Ret  KERNEL32.lstrlenA() retval=0000002b ret=0040802f
002f:Call advapi32.RegSetValueExA(0000003c,0045f424 "EventMessageFile",00000000,00000002,0033fa9c,0000002c) ret=0040804d
002f:Ret  advapi32.RegSetValueExA() retval=00000000 ret=0040804d
002f:Call advapi32.RegSetValueExA(0000003c,0045f3ec "TypesSupported",00000000,00000004,0033fc9c,00000004) ret=00408097
002f:Ret  advapi32.RegSetValueExA() retval=00000000 ret=00408097
002f:Call advapi32.RegCloseKey(0000003c) ret=004080cf
002f:Ret  advapi32.RegCloseKey() retval=00000000 ret=004080cf
002f:Call advapi32.RegCreateKeyExA(80000002,0045b2f4 "Software\\Valve\\Steam",00000000,00000000,00000000,000f003f,00000000,0033fdb0,00000000) ret=00408118
002f:Ret  advapi32.RegCreateKeyExA() retval=00000000 ret=00408118
002f:Call advapi32.OpenProcessToken(ffffffff,00000020,0033fc94) ret=0040a8d9
002f:Ret  advapi32.OpenProcessToken() retval=00000001 ret=0040a8d9
002f:Call advapi32.LookupPrivilegeValueA(00000000,004601d4,0033fc04) ret=0040a824
002f:Ret  advapi32.LookupPrivilegeValueA() retval=00000001 ret=0040a824
002f:Call advapi32.AdjustTokenPrivileges(00000044,00000000,0033fbf4,00000010,0033fbe4,00000000) ret=0040a86e
002f:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc5bc1c ip=7bc5bc1c tid=002f
002f:trace:seh:raise_exception  info[0]=00000001
002f:trace:seh:raise_exception  info[1]=00000000
002f:trace:seh:raise_exception  eax=00000000 ebx=7bccf000 ecx=00000000 edx=00000004 esi=0033fb80 edi=0033fb98
002f:trace:seh:raise_exception  ebp=0033fb18 esp=0033fa50 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010206
002f:trace:seh:call_stack_handlers calling handler at 0x43e230 code=c0000005 flags=0
--- snip ---

MSDN:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa375202%28v=vs.85%29.aspx

--- quote ---
BOOL WINAPI AdjustTokenPrivileges(
  _In_       HANDLE TokenHandle,
  _In_       BOOL DisableAllPrivileges,
  _In_opt_   PTOKEN_PRIVILEGES NewState,
  _In_       DWORD BufferLength,
  _Out_opt_  PTOKEN_PRIVILEGES PreviousState,
  _Out_opt_  PDWORD ReturnLength
);

...
PreviousState [out, optional]

    A pointer to a buffer that the function fills with a TOKEN_PRIVILEGES
structure that contains the previous state of any privileges that the function
modifies. That is, if a privilege has been modified by this function, the
privilege and its previous state are contained in the TOKEN_PRIVILEGES
structure referenced by PreviousState. If the PrivilegeCount member of
TOKEN_PRIVILEGES is zero, then no privileges have been changed by this
function. This parameter can be NULL.

    If you specify a buffer that is too small to receive the complete list of
modified privileges, the function fails and does not adjust any privileges. In
this case, the function sets the variable pointed to by the ReturnLength
parameter to the number of bytes required to hold the complete list of modified
privileges.

ReturnLength [out, optional]

    A pointer to a variable that receives the required size, in bytes, of the
buffer pointed to by the PreviousState parameter. This parameter can be NULL if
PreviousState is NULL.
--- quote ---

I checked the service binary code and "ReturnLength" is really hard-coded to
NULL while "PreviousState" is non-NULL (stack var).

Another case of MSDN not really telling the truth.

Source:
http://source.winehq.org/git/wine.git/blob/eef5e45ee6aae7029ec3ec0565fbbdc2ee29b59f:/dlls/ntdll/nt.c#l197

--- snip ---
197 NTSTATUS WINAPI NtAdjustPrivilegesToken(
...
204 {
...
210     SERVER_START_REQ( adjust_token_privileges )
211     {
...
224         if (PreviousState)
225         {
226             *ReturnLength = reply->len + FIELD_OFFSET( TOKEN_PRIVILEGES, Privileges );
227             PreviousState->PrivilegeCount = reply->len / sizeof(LUID_AND_ATTRIBUTES);
228         }
229     }
230     SERVER_END_REQ;
231
232     return ret;
233 }
--- snip ---

$ sha1sum SteamSetup.exe 
f2dd1ab2a96bd5b961bbc504458d5c53f242926c  SteamSetup.exe

$ du -sh SteamSetup.exe 
1.1M    SteamSetup.exe

$ wine --version
wine-1.7.7-230-g2507330

Regards

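Added example (not Wine's code and not part of the original comment): a self-contained C model of the optional out-parameter handling discussed above, writing ReturnLength only when the caller supplied it. The struct stand-ins, adjust_model and the ADJ_* codes are hypothetical names; the too-small path follows the MSDN text quoted in the comment.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for LUID, LUID_AND_ATTRIBUTES and TOKEN_PRIVILEGES (no Windows headers). */
typedef struct { uint32_t LowPart; int32_t HighPart; } LUID_S;
typedef struct { LUID_S Luid; uint32_t Attributes; } LUID_ATTR_S;
typedef struct { uint32_t PrivilegeCount; LUID_ATTR_S Privileges[1]; } TOKEN_PRIVS_S;
enum { ADJ_OK = 0, ADJ_BUFFER_TOO_SMALL = 1 };   /* hypothetical status codes */

/* Hypothetical model: changed/n_changed play the role of the server reply
 * listing the privileges whose state was modified. */
int adjust_model(const LUID_ATTR_S *changed, uint32_t n_changed,
                 uint32_t buffer_length, TOKEN_PRIVS_S *previous_state,
                 uint32_t *return_length)
{
    size_t bytes = (size_t)n_changed * sizeof(LUID_ATTR_S);
    uint32_t needed = (uint32_t)(offsetof(TOKEN_PRIVS_S, Privileges) + bytes);

    if (!previous_state) return ADJ_OK;          /* old state not requested */
    /* Both out params are optional: never assume one implies the other. */
    if (return_length) *return_length = needed;
    if (buffer_length < needed) return ADJ_BUFFER_TOO_SMALL;
    previous_state->PrivilegeCount = n_changed;
    if (n_changed) memcpy(previous_state->Privileges, changed, bytes);
    return ADJ_OK;
}

/* Call shape from the trace: 0x10-byte stack buffer, NULL ReturnLength. */
int steam_style_call(void)
{
    LUID_ATTR_S changed = { {20, 0}, 0 };        /* constructed sample value */
    TOKEN_PRIVS_S prev;
    int st = adjust_model(&changed, 1, sizeof prev, &prev, NULL);
    return st == ADJ_OK ? (int)prev.PrivilegeCount : -1;
}

/* Two modified privileges do not fit in a one-entry buffer. */
uint32_t too_small_needed(void)
{
    LUID_ATTR_S changed[2] = { { {20, 0}, 0 }, { {19, 0}, 0 } };  /* constructed */
    TOKEN_PRIVS_S prev;
    uint32_t needed = 0;
    int st = adjust_model(changed, 2, sizeof prev, &prev, &needed);
    return st == ADJ_BUFFER_TOO_SMALL ? needed : 0;
}

int main(void)
{
    printf("count=%d needed=%u\n", steam_style_call(), (unsigned)too_small_needed());
    return 0;
}
```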